Bugtraq mailing list archives
New DOS exploit for NT and Win95 (CONFIRMED?)
From: aleph1 () DFW NET (Aleph One)
Date: Thu, 8 Jan 1998 10:05:58 -0600
---------- Forwarded message ---------- Date: Thu, 08 Jan 1998 01:52:43 -0700 From: Jiva DeVoe <jiva () devware com> To: ntsecurity () iss net Subject: [NTSEC] New DOS exploit for NT and Win95 (CONFIRMED) This is just an FYI. I have confirmed and reproduced a new Denial of Service exploit for Windows NT and Windows95. Under Windows NT this exploit causes a proverbial BSOD, under Windows95, this causes an exception in IFSMGR.VXD. This exploit has been reported to Microsoft! Details Without putting out a blueprint of how to cause this. This is a modified teardrop attack. (NOTE: This DOES affect machines patched against teardrop) It utilizes UDP packets with altered headers. I have also provided Microsoft with source code to this exploit. Temporary Workaround Any workaround that would have been implemented against teardrop should work against this issue. By default, the UDP packets used in this exploit are aimed at very high port numbers. So perhaps by blocking UDP packets destined for high port numbers, you might be able to prevent this attack. However, since it can be aimed at any port, a clever user could get around filters such as this. I'd be happy to talk to anyone about other alternatives for working around this issue. Please feel free to repost this to NTBUGTRAQ (I'm not on that list) or wherever else you choose. ------------- Jiva DeVoe MCSE Devware Systems jiva () devware com
Current thread:
- Security flaw in either DIT TransferPro or Solaris The Man (Jan 05)
- Re: Security flaw in either DIT TransferPro or Solaris The Man (Jan 07)
- NetWare NFS Andrew J. Anderson (Jan 08)
- New DOS exploit for NT and Win95 (CONFIRMED?) Aleph One (Jan 08)
- bonk.c Aleph One (Jan 08)
- Re: bonk.c Jord Sonneveld (Jan 10)
- riptrace.c Aleph One (Jan 08)
- Re: riptrace.c Christopher Masto (Jan 08)
- Re: riptrace.c Alfred Huger (Jan 08)
- Nifty Security hole on Several NT Based Web Servers Aleph One (Jan 09)
- Re: riptrace.c Theo de Raadt (Jan 09)
- Re: riptrace.c Hubert Feyrer (Jan 08)
- Source for NEWTEAR.C Aleph One (Jan 09)
- Re: riptrace.c Christopher Masto (Jan 08)